This training is for every developer interested in writing more secure code. If you design applications, or build or even test solutions, this training is for you.
Here’s what your team will get
Access to the seminar
This seminar is full of real-life examples, findings from studies and practical approaches your team will find useful to know in order to protect their code and applications.
Full slides and additional resources
After the seminar they will get access to all the slides presented. They will also get some extra resources: materials and tools to put their knowledge into practice.
Ask the expert
During and after the seminar they will be able to ask questions of our security expert, who has over 10 years of experience in the field of security.
Essential topics covered
Intro: an overview of Windows security from the architecture point of view: processes, threads, tokens, impersonation, delegation, kernel objects.
The pillars: Reconnaissance, Scanning, Gaining Access, Elevation of privileges, Attacking and removing the traces
How can we look for vulnerabilities
- DoS, Buffer overflow, Malformed or Malicious input
- This is where I talk about SQL Injection, XSS, etc.
How to become a man in the middle, and what a man in the middle can do
- Wired/wireless networks
- Network Poisoning / Spoofing
How to elevate privileges
- Token related discussions, etc.
The pragmatic point of view: Threat Modeling and the SDL process
- What it is, how it works, the pillars
Certificates: how do they work, the good and bad practices
The developer best and worst practices
Why should you care about security?
Whatever developer or IT topic you work with, security is something you should always be aware of. There are many false preconceptions which should be debunked.
You can add security after the project is done
Most people believe they can add security after the project is finished. This is not true. There are famous cases where projects have been abandoned because the architecture suffered from security issues that could not be adjusted anymore.
Security should only be commissioned to penetration testers
Others believe that security should be only commissioned to penetration testers. Again, this is not true. While penetration testing helps, these are activities from the attacker perspective that only reveal a part of the problem. There are still many things that can be done in the role of defenders with the full knowledge of the architecture and design of the application.
Just follow best practices
Another myth is that best practices and some kind of expert wizardry are the way to protect applications from vulnerabilities. Again, these are useful, but the right way to conduct all the practices is to create a threat model, a process that reveals the potential vulnerabilities and gives back a risk analysis that is extremely useful for evaluating the priorities.
What this training offers for you and your team
Security should never be just an afterthought
Recent IT security studies show that it takes 200 days on average to detect a security breach, and another 80 days to recover from it.
The need for secure systems is now more acute than ever. Your clients demand that you build secure solutions, and they see it as a right, not a privilege. More often than not, security fixes applied later become expensive.
Mastering the techniques needed to write code that makes hackers’ lives more difficult and defends applications against attacks is essential for every business.
From theory to practice
After covering the most important theoretical concepts of the Windows, networking and security architecture, in this seminar we walk through the typical attacks against applications to examine the security issues from both the attacker and the defender perspectives.
For each of the typical steps conducted by an attacker to reach your assets, we will see what can be done from the defender perspective. We will analyze each step and see what can be done in the infrastructure, in the application and which synergy is needed to make everything effective.
Meet the Trainer
Senior Software Architect, Developer Security MVP
Raffaele Rialdi is a senior Software Architect working as a consultant, speaker and trainer. He has been a Microsoft MVP in the Developer Security category since 2003 and is part of the Microsoft Developer Guidance Advisory Council. His passion for the community led him to become a member of the board of UGIdotNET, president of DotNetLiguria and co-founder of the Italian C++ user group.
Currently he is working as architect and developer on the backend of an enterprise project and on cross-platform mobile development in both C# and C++.